Integrations
Integrations
Section titled “Integrations”CBOM integrates with your existing toolchain to embed cryptographic visibility into the workflows your teams already use — ticketing, alerting, CI/CD, SIEM, and supply chain security.
Integration Catalog
Section titled “Integration Catalog”| Integration | Category | Status | Description |
|---|---|---|---|
| Jira | Ticketing & Workflow | 🔜 Coming Soon | Auto-create tickets for violations and expiring certs |
| ServiceNow | Ticketing & Workflow | 🔜 Coming Soon | CMDB sync and incident creation |
| Slack | Communication | 🔜 Coming Soon | Real-time alerts to Slack channels |
| Microsoft Teams | Communication | 🔜 Coming Soon | Alerts via Teams webhooks or Power Automate |
| Communication | ✅ Available | Built-in email notifications for alerts and reports | |
| CI/CD Pipelines | CI/CD | 🔜 Coming Soon | Fail builds on crypto policy violations |
| Splunk / SIEM | SIEM & Monitoring | 🔜 Coming Soon | Forward events to Splunk, Elastic, or Datadog |
| ServiceNow CMDB | CMDB & Asset Management | 🔜 Coming Soon | Sync crypto assets as Configuration Items |
| SBOM Toolchain | Standards & Compliance | ✅ Available | CycloneDX BOM-Link for SBOM↔CBOM linking |
Categories
Section titled “Categories”Ticketing & Workflow
Section titled “Ticketing & Workflow”Automatically create and track remediation work when CBOM detects issues.
- Jira — Create tickets with full context: asset details, violation reason, remediation steps
- ServiceNow — Incidents and change requests integrated with your ITSM workflow
Communication
Section titled “Communication”Keep security teams informed in real time.
- Slack — Channel notifications for cert expiry, violations, and scan results
- Microsoft Teams — Webhook-based alerts for Microsoft 365 environments
- Email — Built-in SMTP notifications (available now)
Shift-left crypto compliance by catching issues before they reach production.
- GitHub Actions, GitLab CI, Jenkins, Azure DevOps — Run CBOM policy checks as pipeline gates
SIEM & Monitoring
Section titled “SIEM & Monitoring”Feed crypto events into your security operations center.
- Splunk / SIEM — HEC, syslog, or API-based event forwarding to any SIEM
CMDB & Asset Management
Section titled “CMDB & Asset Management”Maintain accurate crypto asset records in your enterprise CMDB.
- ServiceNow CMDB — Sync crypto assets as CIs with relationships to servers and applications
Standards & Compliance
Section titled “Standards & Compliance”Connect CBOM to the broader software supply chain security ecosystem.
- SBOM Toolchain — CycloneDX v1.6 export with BOM-Link for SBOM integration
Integration Architecture
Section titled “Integration Architecture”All integrations use the CBOM event system. When something happens (asset discovered, policy violated, cert expiring), CBOM emits an event. Integrations subscribe to events and route them to external systems.
┌─────────────┐ ┌──────────────┐ ┌─────────────────┐│ CBOM Core │────▶│ Event Engine │────▶│ Integrations ││ (Sensors, │ │ (Subscribe, │ │ (Slack, Jira, ││ Policies) │ │ Filter) │ │ SIEM, CI/CD) │└─────────────┘ └──────────────┘ └─────────────────┘Common Event Types
Section titled “Common Event Types”These events can trigger any integration:
| Event | Description |
|---|---|
cert_expiry_warning | Certificate approaching expiration (30/14/7 day thresholds) |
cert_expired | Certificate has expired |
new_critical_asset | New asset discovered with CRITICAL quantum risk |
policy_violation | Asset violates an active compliance policy |
risk_level_changed | Asset risk classification changed |
scan_failure | Sensor scan failed or timed out |
lifecycle_state_changed | Asset moved to a new lifecycle state |
compromised_asset | Asset marked as compromised |
new_asset_discovered | Any new asset added to inventory |
Related
Section titled “Related”- Dashboard — View integration status
- Policies — Define rules that trigger integration events
- API Reference — Build custom integrations via REST API